Good afternoon, ladies and gentlemen, welcome to our webinar. Digital identities in the internet of things, securely manage devices at scale, this webinar is supported by fro the speakers. Today are me Martin Kuppinger I'm CEO and principal Analyst Cole, and Kahar who is vice president manufacturing at fork. Before we start some quick information about Cola, I'm gonna be directly, will move into our agenda. Cola is an Analyst company. We are focusing on information security, identity management and related topics, including all areas concerning the digital transformation.
We do this by delivering research events and advisory in the area for research. We, for instance, have our leadership documents, which are comparisons of winners and certain defined market segments. Our executive reports and our types of research. We have our events such as our conferences, webinars, and special events. I'll talk about this a minute again, and we do advisory to end user organizations and vendors like for instance, supporting them in tools, choice, and setting up strategies and roadmap.
We have a couple of upcoming events which include our consumer identity world, that first of these events already as taken place in Seattle last week, we have upcoming events in Europe and in Singapore, we will run a cybersecurity leadership summit in Berlin, November, and our cyber access summit in parallel, the cyber access summit, being a German language event, the cybersecurity leadership summit being in English language, some guidelines for the webinar, your muted central is you don't have to mute or run with yourself. We are controlling these features. We are recording the webinar.
That will be a Q and a session at the end, but you can end the questions at any time using the question feature in the go to webinar control panel, which is usually the right side of your screen. The more questions we have, the better it is, the more life that Q a will be with that.
I'm already at the, at our agenda for today. I will talk a little bit about why and how entities for IOT was in the industrial and consumer it. So IOT. So why is this so important?
Why do we need to have a good control scalability for identities in the context of IOTs or the internet of things in the second part, the for truck will talk about how for drug is extending IM capabilities into the areas, managed unmanaged devices, enhancing the customer experience as well as security and privacy at scale for people services and things. And then we will move to our Q a session. I wanna start with something I put together quite a while ago, which I named the eight fundamentals for digital transformation.
There are eight fundamentals, which are to some extent, very information, security driven, and identity driven. But so there might be more than that.
We, when we go beyond these areas, but anyway, it's a very important perspective. I believe on the true transformation. So basically these fundamentals are the true transformation affects every organization. It is here to stay. It is more than IOT. It mandates organization of change. So organizations never will be the same.
Again, everyone, everything become connected. And we are talking here about massive scale. And when we look at manufacturing, we look at even bigger scale. We need to deal with security and safety. We have security as a risk and an opportunity. And finally, we have identity, which is glue because it's about who or what may get access to what, and I'll touch some of these fundamentals a little bit more detail. I'll keep others in the interest of time and then go a little bit more into detail. So the digital transformation affects every organization.
It's here for quite a while, but when we look what is happening, we see the smart watches. We see the trend towards connected vehicles. We see smart homes becoming a reality. We have smart scripts in the utility company, in the energy business. We have eBooks for, for quite a long time. We have digital music. This industry more or less is already transformed online retail. So also just reality today, online payment. And we see massive changes in manufacturing and there's all industries are affected.
And a big part of this change is that we have more and more connected things, both on the consumer side, like on the upper left edge, the smart watches and on the industry side, like on the lower edge, the manufacturing. So, but we also need to be clear about it's it's more than IOT. So I put this together a little in many industry, even without connect things.
It's a reality. So you might argue the book creator is in other areas. It's obviously that it's not necessarily the connected thing we have.
So we have also a situation that when we look at industry for that over smart manufacturing, that we, the entire operational technology area, it's also about phrase like that, quite big things there. So it's not just the small things, but it's also about big things, but these big things might be also, in fact, when we look at it more detail, I'll do this in a few minutes, might be a set of many, many small things. And so we need to understand that and need to understand at which level do we need to know these things? Do we need to control access?
Do we need to implement security, et cetera, but obviously it's also not only about connectivity. We need to understand the business model behind it and the services that make the business so trust having a new service, having connected things is not enough. We need to understand how do our business models change? What are the models for instance, by managing these connected things, et cetera.
And we have a shift towards earning money with services, less with selling things and maybe less with traditional approaches for business.
So the service will be what really is the fundamental thing in future. And obviously, yes, things are increasingly becoming connected. Many years ago, I started with this of cloud computing, mobile computing, social computing. So we have different deployment models. Everything is moving to the cloud. We have different people we deal with.
So it's, the focus goes beyond the users and the internals and the partners towards customers leads the prospects every time of consumer. And we have more model device as well beyond smartphones these days. But even there, we had this shift towards the connected world, and this is getting bigger and bigger again over time. So we have organizations that deal with devices that deal with things, the things and the devices might communicate.
They, things might deliver data to organizations. The people own the things. They utilize, the things they own the device and use their device. Or they might also use devices which are owned by an organization. And all of these things are communicating with each other. We are APIs. So we have services in the organizations. We have the apps and their APIs. So we have things that communicate, whatever we call that piece of software might be a signal or whatever, everything communicates, everything is connected. And we also need to understand how do we manage access to all that information?
How do we treat that information? Cause there's also a value in that information. So it's sort of the new ABC is the agile business connected. And with this connectivity thing, we also see that there's more security risks. So when we look at industry four and I would say one of the Quin sense of industry four is that we connect everything and everything is under attack.
So we need to understand what are the things, what is their identity, who has access to what, which thing, which service, which device has access to, what, which person has access to, what which organization has access to what a lot of these things and how do we protect this stuff? So security is a big thing here. We will focus on the identity aspect here, but it's a, it's a big thing to do.
So traditionally there were the business processes with certain established attack vectors and the manufacturing processes, which were well established and also had some vectors, but they were relatively rare because many of these environments were for a long time, rather disconnected industry. In fact, as we connect these things and we connect them.
In fact, we also sort of extend the reach of attack vectors to the OT world, to the manufacturing world, to the factory plan.
And so we need to get better. We need to manage the devices. We need to manage the things we need to get a grip on these. And that means we need also identity access management at scale for all of these environments. So with that, having said that we then frequently end up in discussions about security versus safety. My perspective is it is not a dichotomy.
So we have on one hand, the operational technology security or view on that, which is very much about safety of humans and equipment, which is about reliability, which is about weight avail of technology. The factory must run and it shouldn't explode. On the other hand, we have the information technology security, which is about confidential. Tell confidentiality about integrity, about availability.
We need both in the brief new world of smart manufacturing and the brave new world of connected things, connected vehicles, whatever we have people which use devices to access services and to control.
For instance, what happens in manufacturing and everything needs to be secured. There will be a BI direction of communication between the different areas and we have connected systems. So we need to merge OT and it security, not only security versus safety, it's about safety and security.
We need to rethink this stuff, sort of a software define or great technology might be an answer, but an essential element in that is identity. We need to understand the identity of all the connected things to manage the access, to manage large portion of the security. So with having said that identity is the glue. And even before I worked on these fundamentals for the security and additional transformation, I worked on seven fundamentals for future identity and access management. And they come into play here because many of them are super relevant. Identity is more than humans.
It's identity of things, devices, services, app, cause all of them communicate.
There are many identity providers and we will not manage all of these devices centrally in one directory anymore. There are multiple attribute providers. So there will no longer be a single source of truth and informational and identities anymore. There are multiple identities. So people will have many identities or personas, which between them, they will come in with different social logins, et cetera, multi laws, indicators, complex relationships who owns that device at which point of time.
And finally there's context. So in which context is device use, is it secure and identities super important, particularly in the context of connected things and devices, it increases the challenge. It's getting bigger. It's at scale. And four of the many challenges for of security variety are then safety attached. It. So ensure the needs are falls or failure cause damage, we need fair, safe mode and our stuff, this also a technical aspect.
But it's also about understanding these things are closely related. We have security and we need to get a crib on that.
That starts with identity that I come back to identity as severing privacy, again, who owns or whose data is it control about that data, super important and identity finally manage all the identities and their relationships, get a crib on that. That is essential and we need to do it right from the very beginning. If you don't do it right at the beginning, it'll be hard to change. So we can't simply replace hardware. We need to build it in from the very beginning, we need to do it in a very well sought out manner. The challenge is OT and all behind that can be super complex.
So we have identities, which work is various entities like a car manufacturer with a garage, whatever it would take, for instance, the connected vehicle, as an example, which use certain systems to work with controllers, for sensors that can be even more complex, but we have not only the one I thing.
So the identity and the thing we have identities of humans. We have identities of organizations. We have identities of systems. We have identities of controls.
And maybe even of the, depending on their sort of the capabilities, maybe even of sensors, not all of these components might be directly addressable. So we need to understand that controls might work, but unit direction, bidirectional, but at the end, it's a complex network of communication. And one element of that is which of these components, which of these identities access to what deal with that deal with the complex relationships deal with the scale to be successful. And we need to understand the complexity of access.
So part of that slide is connected because it's a very good example, but it goes well beyond that. So we have systems like the event data recorded the motor engine control in a or K wise on a, in, in a manufacturing environment.
We have various types of data, the state, the usage events, the individual configuration data. We have different organizations which might be interested. So that might be when we look at legals, it might be the police and that the government, certain, certain circumstances like an accident, the insurance company distributors, et cetera.
On the other hand, when we look at the factory, then we have the, the company which runs the factory, but also manufacturing of factory of the equipment, which might do service at a certain point of time has service intervals. When everyone goes on summer vacation and the, the factory is closed and there will be a lot of workers, external workers making changes in the production environment on the factory plan, on the production lines, we have the individuals and we have various types of events and obviously not everyone is allowed to access everything.
So who's allowed to see which data of a machine, obviously not everyone shall see every data once he has access. So it means we need to control. We need to understand again, the identities of people, et cetera. So we end up with an identity management challenge for the industrial IOT, but also for the consumer I IOT for industrial IOT. It's super interesting because the environments are far more complex than they might appear at first, first glance. So we need to understand who's allowed to access which data under which we went.
We might have a variety of IM systems like for employees, for customers, for business partners, suppliers, governmental organization, insurance companies. So we have not only the one identity we can use here, we have a data exchange, but some of the data might flow. Other data might be accessed real time. The data has distributed across multiple controllers and systems and systems usually are the best point to sort of enforce IM for the it, but not the only one.
They need to understand the different identities at the end. They will be probably more than one.
I am because we have messages, segregated control. So consumers versus the technical control. If you look at a vehicle are two very different things. And finally, we need to understand how data flows also from security and privacy aspect, which goes beyond the purely identity management aspect, but which is another parent thing. So from my perspective, it's very obvious. We need a very well sought our identity management. We need to do it very right and do it right from the very beginning and it's complex. And it needs scale with that. I hand over to Mr.
HOK, who will right now go more into detail and also look at how Fox rock supports these challenges.
Thank you, Martin. Thank you for the introduction and for the insight. I couldn't agree more. Let me just share my screen here. Okay. Seems to work now. Can everyone see it?
Yes. Perfect.
Thank you. So before I start and dive into the relevance of identity and digital trust in IOT, maybe a few words about for truck. We are a sun spinoff, so to speak originally founded eight years ago in Norway and the UK.
Now since quite a few years, headquartered in San Francisco, we do business around the world and our founders have been, and still are very visionary people. They took a very wide and broad definition of what digital identity will be because eight years ago it was single sign on and employee identity. And because of that visionary approach, the foundation in our product is such that IOT now is a natural extension to what we do. And on this slide, now you can see how digital identities evolved originally was employee identity with limited number of identities.
The next market that aroused is customer or consumer identity.
And the challenge is there is first of all, scalability, but also having a flexible system that can basically deal with the different requirements in, in various markets. Then moving on, extending it further. And that's a natural extension from managing identities for people to manage the relationship between people and services and things. And Martin talked about this quite extensively. This is just a recap, pretty much of what Martin said with in four truck.
We spent a considerable amount of time and energy to look at the barriers that customers face and our clients face when they enter into IOT projects. And we'll come back to this slide and do a recap of how we can help our customers to overcome these challenges and actually turn them into differentiating opportunities.
Now looking at identities in IOT, or looking from a, a digital identity perspective into an IOT scenario, you various stakeholders or actors to the right on this slide, you see the device and the sensor.
And I have made a note, their first class citizen, the way we deal with devices and things is we treat them at the same level with the same capabilities of the digital identity as we do with every other user and service, of course, in the environment, in a typical environment, you have a manufacturer of the device that may still service the device and users and you know, other applications, data that you need to access for a fully digitized business process. And this looks simple.
If you look at it here with seven actors and maybe multiple in every one of the instances, but if you imagine that your project and your service that you offer is successful a few years down the road, it looks more like this.
You have multiple customers, you have your internal employees, you may have partners, but you also have other attributes like locations that you may use for a second factor or policies that you need to follow.
So that, that is a real world. And if you imagine this to be a consumer application and you know, on, on black Friday or on peak days, your system breaks down, you don't want to do that. You want to have it scalable and powerful enough to run. Even at peak usage, same is true for a factory that runs 24 hours, seven days a week. If you don't have that capability that does that. It's very hard to recover.
So I fully agree with what Martin said, picking the right solution that is capable also with future requirements is absolutely key in IOT environments, because some of these things may out in the field and you may not be able to change them easily.
So in this case here, let's now quickly look at an example. And Martin mentioned the car earlier. So this is the consumer as an actor, as seen in the previous slide. And let's call him David David buys a car, he's a digital car and he's excited about it. He downloads the app either at the dealership or even at home.
He configures already what he wants the car to do. When he enters it from radio stations to temperature settings, to navigation, destinations, whatever it is, then he goes to the dealership to pick up the car. He gets a one time password with strong out indication, downloads the app for the digital key and off he goes. So he unlocks the car. He can drive. And every time he enter the car, no matter who was in there before all his personal settings are preset for him. And no one else can see the, you know, where he drove the car, what navigation destinations heed.
So there's also the privacy aspect. That's increasingly important in a shared economy. And if you look into sharing and we continue on with this example here, David has a brother. Let's call him Leo. Leo is the younger brother. He likes to drive fast. And David with his brand new car, doesn't feel so easy about his brother driving the car. On the other hand, he doesn't really want to say no.
So he can set very easily limitations of what Leo is about to do, where he can drive, basically set a geo fence limit the acceleration or the top speed or a combination of those then sends an invite to his brother. He adopts starts with social registration, but then moves on with additional credentials to his high quality identity, and then can download the app is authorized to unlock the key, to unlock the car and drive the car.
But only during the times this product allows it. So that's very easy to share within the family, but also with others, with such an identity system.
This is now seen from a consumer perspective on the next slide. I'd like to go into more the commercial world oft and any business. And that can be a common manufacturing, can be a car dealership, but it can also be a company that builds life saving medical equipment or someone that sells multimillion dollar robots into a factory.
Or, you know, if you think of building management and HVAC system, or even consumer white goods, any company engaging in, in such a, a digitization process has basically two options. One is optimize the business, basically do more efficiently and better what you do or transform your business and move on to value, add services, sorry, I dunno what it does. And many companies to actually a combination of both.
If you look into building management, one of the examples would be in business optimization, you swap regular light bulbs for L E D lights.
It's more efficient, more energy conserving illumination of the building. The business transformation approach to this example would be basically to sell light as a service, to still replace the light bulbs with LEDs, but also take on all the responsibility for serving it and basically offer a carefree service to the person that rents the building that operates the building. If we look at the requirements that are there for a digital identity system in an IOT environment, we've again, separated the capabilities into the business optimization feature and the business transformation use case.
On the left hand side, you will see the requirements are more around the product. And even though there is some overlap between the two use cases, the business transformation has an increasing aspect also on other human beings that deal with the product or with the resulting service.
I'm not gonna go into every one of these individual capabilities, but let me start at the top left device, attestation and IOT authentication. That's really the root of having a very strong digital identity. What we can do with our identity edge controller is we basically tap into a hardware key.
That's hidden in the hardware itself at the gateway or at the edge controller level, or even at the device level. We use that and have an encrypted connection to our backend and to the cloud. And that is a strong authentication for the device itself. Once you have authenticated device, the device, you can then authorize this device to send data in different directions. Because as Martin mentioned earlier, not everyone might be able and allowed to access every piece of information. Another aspect not to forget, especially on larger scale systems is the digital twin.
Once the device is onboarded, we basically collect a full set of attributes and store it in our identity store.
That's the status of the device, the location, a complete inventory of all the assets of who owns it, what versions of software on it and, and the relationship to other stakeholders, you can then search your inventory of devices or identities. Not only limited to things or people, but across, but just think of update needs or downloading features as a service to certain devices. You can quickly identify the device, you know, where it is located, you know, what state it is in.
And then you can basically update the device or a certain class of devices that all need to be updated. Data integrity, also a very important feature and hinging, very strong on a very strong and trustworthy digital identity. We send data in an encrypted way between the edge and the cloud. The system can send encrypted data if you decide to do so. And we tack the data with a location and with a time.
So it's not pieced together at the data store level. There is contextual data coming right there from the source.
And as Martin mentioned, I believe in the car example, but there is many examples where you have multiple identities within one system because you have multiple sensors, but you have also different data streams that may have to be accessed by different groups of people. Not everyone should see everything.
And so you can now dynamically configure southbound identities from the IOT edge, into the individual identity level, moving on off to the right, of course, things as well as individuals can have relationships with other identities because they're all our first class citizens within the identity store in the business transformation use case is, is also important that you can bridge between information technology and operations technology.
And while we in identity cannot solve all the problems, but having one repository for all the identities from the factory to the employees, maybe even to the supply chain and to the customer avoids silos, and you can access information and data from different sources without having to write a lot of custom code single platform, same thing plays along the same lines that I just outlined data integrity we had before.
Let me quickly touch on two very important one smart authorization and fine grained, authentic.
That's basically a person accessing the device and our system that's well proven in the market, of course can do multifactor authentication. We can do biometric checks. We can have location and other means of second and third and multifactor, but we can also do something that we call ramp up. Basically you start with simple username and password. Then that person may have access to the device and get its device status as the person wants to do more. First of all, needs to be authenticated, but also needs to be step by step authorized to get a stronger authorization.
So the person can actually take action on that device. And then last part, not least life cycle management is an important aspect in having devices. As first class business makes that easier to manage the ownership and through the life cycle of, of a project of a product. And then last but not least, you have privacy and confidentiality requirements in that environment in some markets more than in others. If this is healthcare, of course, there's a lot of personalized and very sensitive data, but that could also be IP.
That's hidden somewhere in a machine that you don't want other people to access. So you can absolutely limit the access and make sure you protect not only personal data, but also IP and corporate data.
Now we've looked at, you know, some of the requirements and the features needed for ant implementation. Many of the IOT implementations look more like this.
Yes, you have a gateway or an edge controller, and there is multiple sensors and other devices behind that, but there is only one access. There is only one identity that can be managed. And in some cases the hardware is not even signed. So someone could temper with the hardware, replace it with a different one and you don't cannot be sure whether the data really come from exactly the device you think they're coming from. So adding strong digital identity and access management helps to overcome that problem and manage the complexity.
First of all, once you have a lot of southbound identities and sensors, basically off the grade box, further down the system, you can give all of them an individual identity, but it's not only limited to a sensor or another device. It can also be a data stream or a service that's coming off that edge controller of the factory of that module of a factory. And I've tried to illustrate this on this slide. So you have multiple of these, and then you have multiple actors on the other end and they all have different requirements.
And that I think illustrates nicely how quickly these things become complex that need to rely on a very powerful and proven system that actually has been tested on the load in the marketplace.
Just to give a few more example on, on the actors. So you have on the right, the factory operation, just as an example, that the group of people could have full access to everything that is in the edge and southbound of it. Then you may have a user of the device and they have user operate the privileges. You can have other devices connected to it that subscribe to certain selective data streams.
And then you have potentially a service technician as Martin outlined earlier in his presentation that has needs to have temporary access, of course, privileges according to the qualification to retool parts of the factory, but also only temporary have access. And every action can be correlated between the person and the device and therefore, you know, exactly at every point in time who did what in the factory.
Now, coming back to this slide that I showed briefly earlier, one of the challenges to master is of course, security in IOT. And while we are not the only security play in an IOT environment, there may be other requirements for intrusion detection prevention, but having a very strong and in itself, very secure digital identity and access management system, and very strong identities that only onboard known systems goes a long way towards building a secure system. Then there's always the cost and the ROI aspect in every investment that companies take and people take.
And yes, there is a cost associated not only with the identity and access management, but also with other machine learning algorithms that may be deployed in an IOT scenario, but having one single platform has many benefits. First of all, you set the bar low for business pro process digitization because you can now easily access data from across the enterprise.
The other big aspect that saves money and speeds up time to market further down the line is if you have one system and you add capabilities for your customers, you have it for all your customers across all your business lines.
While when you end up in silos, that could be the pitfall for tomorrow. And you, again, end up writing custom code to access the data from one silo to the other. Another aspect that's important is the integration with the existing infrastructure, not only within the enterprise, but potentially if you think of a smart city environment also with other entities and, you know, having a well proven and widely deployed identity and access management system in the market with 1.7 billion identities out there deployed, we have all the means to connect to legacy systems.
We do that every day with our clients. So we have a deep root in it, but we've also developed a very strong and deep understanding in the IOT world.
And from what I can see in the market, this is a unique combination that for truck offers in this place. And then of course the last one that people need to overcome and manage is complexity and scalability.
I talked already about the scalability, so don't want to go into a more detail on, on the scalability, but having one platform is also important because it minimizes the complexity and it eases the access of, of data from other parts in the enterprise. And of course our platform can run in the cloud on premise off premise in various channels. And that is also important because in some cases you may want to limit certain IP to remain within physical or political boundaries for expert restrictions or for data privacy reasons or, or other reasons that you might have within your company.
I've been focusing on IOT for many years and I've seen many projects. And I'd like to just make a few comments where I have seen how projects work well. And I've also seen projects. They did not work so well or took significantly longer than originally anticipated. And one thing that's important is IOT is a, a disruptive innovation. So it goes across the different entities and it's most likely not beneficial to just look at one single point and implement the point solution. This really should have an overarching enterprise vision.
And then yes, you know, start with small projects with burning burning problems that you haven't implement them and then run fast. So in, in short, my guideline would be think big in the first place, then start small and then run fast implement project after project.
And in closing, if you are implementing IOT, you most likely don't do it for IOT's sake. You need to know your customer. You need to know what they do with your product in order to offer customized services and added value to your customers.
And this is exactly what customers expect today, and that will only increase in the future. So having access to the data is key, but you need to be able to trust the data, to take action on it. If you cannot trust your data, it's very difficult to make big, bold investment decisions based on those data. And we provide exactly that. We provide a digital identity solution that allows you to get access to data that you can trust. And without that, I thank you for listening and turn it back to Martin or
Yes, Martin is here again. Thank you. And then let's directly move to the Q and a session.
We already have a couple of questions here. And again, I like to remind the audience, enter your questions. The more questions we have, the better list, the more we can go into detail. And I think you already I've understood that say over is very, very experienced. Persons are don't hesitate to enter more complex, more challenging questions here. So from the questions I already up here, the first one is I handed over to you, Mr. Say it over. Should identities of things be treated differently to those of people or where or well, should they be treated differently?
Maybe that's the better question.
First of all, thank you. That's a good question. And I divide the answer into two parts. How you create a strong identity for a device is different to how you create an identity for a person, because a person can have the username in the password. And we all know the means for additional factors, a device doesn't do that. So you have to have an identifier somewhere in the device, the most secure way. And this is what we support among many other implementations is having a secure key and the signed hardware.
So you can uniquely identify that hardware that gives you the best quality digital identity. If you have the key somewhere in software or through a USB key or whatever, that's also possible. And they all have their pros and cons having assigned hardware also adds complexity to it, but where needed makes sense. So there is a difference between people and things on that side.
Now, once you have the identity, how you deal with it and how you make it accessible across the enterprise or across an ecosystem should not be different. Why should it, you know, data don't care whether they come from people or things and, and the same is true if you want to access information.
So the, the more transparent that is the better it is for business process digitization. So creating the identity. Yes. There's a technical difference managing it in the identity universe.
No, there shouldn't be a big difference.
Okay. Thank you very much. And thoroughly move to the next question. What are from your perspective, the biggest use cases for identity and IOT?
Also a good question.
There, there is many, there is probably thousands of use cases, but the question was where, where the big ones, I think, you know, smart cities are big use cases and, and growing there is also a lot of momentum in business process optimization and in the manufacturing space. But those are the things in, in the commercial world that I would say is the big drivers in the market, in the consumer space. You've mentioned it, right, the music business, and also other digital content is, is, is also a big factor in, in IOT.
Okay.
How, how mature, or how far do you see the adoption for off, let's say modern identity concepts for such use cases. So things going forward is one thing about doing it, right. And we talked about, as we touched in both our presentations, it's a different thing.
So how, how would you rate sort of the level of, of maturity of yeah. Readiness for these use cases? Yeah.
I probably'd like to hear your, your view on that also, but my view on this is digital identities in the classic IOT, or since we are doing this in Europe, in industrial 4.0 is somewhat of a new concept, but it gets adopted quite a bit. And the way I look at IOT evolving is if you think of devices at machinery first, it was the features of the equipment that was important and time to market. Then the things got connected and security became a topic.
And everyone int today talks about security and connectivity. I see this already as a given, many of these things are connected and people are now dealing with security. The next wave, as soon as you go beyond your initial deployment, for a proof of concept will be managing the access for this devices, managing them through the life cycle. And this is where digital identities are very vital.
And so we, we are almost at an inflection point. It's a bit, it varies from industry to industry.
You know, the, the digital content industry is probably further along much further along than the manufacturing industry, but we see this inflection point in, in many of the markets.
So, so what, what I see from my perspective is that that still things are, are frequently, I would say to some extent, oversimplified. So the vehicle is not one identity, it's a set of many, many different things which should have their own identities and should be treated really very different. And I think we still have some way to go aside of things like patch management, et cetera.
So all the updated patches, whatever we need for there. So I think we are on the way, but it's still in many areas. It's still a very long term here. I feel.
Okay, let's move to the next question. Now, what do you think is the biggest challenge of identity management within thet?
The biggest challenge really is that it is a, a rather new technology it's not been present in, in the operations world. The operations world was not connected, as you said, in, in your presentation. So it was air adapted for a long time. Now it gets connected and there are fundamental difference between it and OT.
And there is no one size fits all, but there is certain areas that is well proven in it, such as scalable digital identity and access management systems that are also very beneficial for OT implement and yeah, having, having this not have to overcome, they're not invented here. Part of the market is probably a big part.
Okay.
I also believe that one of the challenges is that in many of these areas still very old and very proprietary that goes into your comment standards or technologies are used, which leads to another question, which just came in, are there standards around or coming that will be adopted for use cases. So, which are the, the main standards you see, particularly from an identity perspective in depth world.
That's a good question.
I wish there would be some more, yeah, there is some activity with consortiums, but the, and we do support standards where they exist and we have well defined APIs where no standards exist. So we can connect to legacy systems either through gateways and bridges or through standard APIs in, in the it world where there are legacy systems. I think the consolidation has yet to happen. There is still a lot of innovation in it, and yes, there are models I think from Hoover and, and some other comp entities thinking of data models and, and, and standards.
And I think even the European union list or whatever that entities is called is, is thinking of along those lines, putting out guidelines, not limited to digital identity, but describing the challenges in how they could and putting recommendations on how they could be overcome. And there is probably not the standard, but there is more and more communication and focus on having proper digital identity management in IOT scenarios.
Okay. Then we have another question here. Would you please comment on the relevance of the zero trust model to T the, I think a very interesting question.
Maybe you start and I bring in myself as well.
Yeah. I'm yeah.
I'm not a, a full blown security person, so, but yeah, I, yeah, I think it's important yeah. That you have a, this serial trust assumption and that you, as, as you outlined also earlier, that you assume that someone will actually break into your system. And I think there is also policy needed to define how you work when you have been preached.
You know, if you have a big factory running, shutting it down, maybe more damaging than having it operate in a, in a certain special mode and having preparations for that may actually limit limited damage. There is no absolute security.
So, you know, at some point people will be confronted with that. Mm.
And so, so what I'd like to say first on that is, in fact, the term zero trust is a little misleading because it's not really zero trust. It's more than contrast to a central trust model we had before, where we trust one entity for everything.
It's, we have a distributed trust to many entities we trust to a lesser extent. But anyway, the challenge, I think in the IOT context might arise in some areas. So in some areas that might work well in some areas, we might have a situation that we say, for instance, certain configuration changes might only come through one specific system.
If you think about or other critical or some critical areas of a or other device, it might be that, that you, that you can't work that well with, with a zero trust model where you say really sort of, of a distributed trust, but that you really say, okay, I only allow communication from that system.
That might be more towards the action behind the edge, sort of within the set of things you're dealing with within the factory floor.
But from that towards the outer space, obviously zero trust works as well and will be however you phrase it and you name it will be one of the, the essential models to look at. And that is also then understanding of which combination of sort of information and, and more or less trustworth information. Do you need to really allow certain types of actions? So I see an influence. We need to be a little bit more careful than other areas because there it's not only about restricting access, but it can, it's also about understanding the safety impact and how you can deal with that. Okay.
I think we are done with the questions. If there are no first questions, then it's up to me to sync. So thank you to all the attendants of call webinar, hope to have you soon again, one of our upcoming webinars and say, thank you to me. You Mr.
Theto for, for your presentation and all the input you provided for this cooking code webinar.
Thank you.
